lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.


#sbblogwatch


Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.

#Microsoft’s #Windows security update rollup is badly buggy this month. Post-patch, the #WinRE recovery environment doesn’t work with most keyboards and mice. And a fix for a cryptography bypass bug is causing failures at several enterprises, requiring rollbacks or registry edits to resolve.

It’s leading to inevitable concerns about the #Windows dev process. In #SBBlogwatch, we grab a Linux ISO.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ $MSFT

Security Boulevard · October Patch Tuesday Fails Hard — Windows Update Considered Harmful?
Satya fiddles while Redmond burns? Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.

Researchers discover a new way to steal secrets from #Android apps.

Anything any Android app can display is vulnerable to the #Pixnapping attack—including #2FA codes. That’s the worrying claim from a group of researchers this week. “It’s like Rowhammer, but for the screen,” quips one wag.

Google thought it had already fixed the previously undisclosed flaw. But the group’s demo says not. In #SBBlogwatch, we blur the pels.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/

Security Boulevard · #Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board
If at first you don’t succeed: Researchers discover a new way to steal secrets from Android apps.

CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW.

#Redis (Remote Dictionary Server) and its open source fork #Valkey share a scary flaw that can give an attacker full remote code execution. It’s been assigned a maximum CVSS score of 10.0—which is something you don’t often see.

Redis shouldn’t normally be exposed to the internet, but it often is. In #SBBlogwatch, we descend a layer.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/ #RediShell

Security Boulevard · #RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
Redis hell: CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW.

Breaking: Big #beer brewer belatedly believes bitten by ransomware—and likely a data breach.

#Japan’s biggest producer of beer is still not producing any beer this week. #Asahi Group Holdings shut down production Monday after detecting a cyber intruder.

And today it’s confirmed fears of #ransomware. In #SBBlogwatch, we dry out.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/10/

Yet another security problem plaguing #SonicWall customers.

The #Akira #ransomware gang have found a way to override the multifactor authentication in #SonicWall SSL VPN appliances. These scrotes appear to be able to move laterally from the VPN boxes to deploy ransomware.

It’s worrying that they’ve broken SonicWall’s #2FA. In #SBBlogwatch, we hear customers’ anger.

securityboulevard.com/2025/09/

Security Boulevard · ‘Aggressive’ Akira Ransomware Blitz Clubs SonicWall 2FA to DEATH
Strange factors: Yet another security problem plaguing SonicWall customers.

#JaguarLandRover woes worse than previously thought.

The iconic British brand today warned its business would stay stalled for even longer. And a loose confederation of threat actors, now calling itself Scattered Lapsus$ Hunters, has claimed responsibility for hacking the big car firm—via tedious Telegram trolling.

Yes, it’s those Salesforce vish kiddies again. In #SBBlogwatch, we drive the point home.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/09/

“Like an arsonist selling firefighting services,” quips this 76-year-old.

U.S. senator #RonWyden (pictured) is demanding the #FTC do something about #Microsoft already. He says Satya’s crew are to blame for some awful #ransomware attacks exploiting a vulnerability that’s more than 10 years old.

Known as #Kerberoasting, the exploit affects #ActiveDirectory installs that aren’t configured to modern specs. In #SBBlogwatch, we wonder where to point fingers: securityboulevard.com/2025/09/

Restaurant Brands International (RBI) “assistant” platform riddled with terrible #security flaws.

A pair of ethical hackers discovered a bunch of “catastrophic” vulns in the code running 30,000 #BurgerKing, #TimHortons, #Popeyes and #FirehouseSubs locations. Owner #RBI quickly fixed the flaws, but then its contractor #Cyble issued a sus-seeming #DMCA takedown notice.

Tale as old as time: Poor, unfortunate $8½ billion corporation vs. evil, vindictive, millennial hackers. In #SBBlogwatch, we rule.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/09/

Well? Should they? Let’s ask Ian Betteridge.

Four weeks ago, #Google admitted it was hacked by #ShinyHunters and/or #ScatteredSpider—via #vishing. Sadly, this sparked a journalistic game of Telephone: Over the space of four weeks, “This #Salesforce instance got vished,” quickly became, “2.5 billion #Gmail users hacked!!1!”

Sigh. “This is entirely false,” complains Google. In #SBBlogwatch, we bait for clicks during dog days.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/09/

#ScatteredSpider claims another #Salesforce instance—albeit three months ago.

A subsidiary of Zurich Insurance (SIX:ZURN) admitted to a huge leak: More than one million customers’ data. #FarmersGroup is the latest corporation ’fessing up to its data going AWOL via Salesforce vishing.

Farmers also trades as Foremost, Bristol West, Farmers Life and 21st Century Insurance. In #SBBlogwatch, we wonder what their Swiss masters will think.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/08/

#HTTPS connections on port 443 received forged replies.

Chinese web users couldn’t access websites outside the People’s Republic yesterday. The outage lasted an hour and a quarter—with no explanation. Nobody’s sure whether it was a mistake or an ominous test of new #censorship capabilities.

But some are linking it to a recent outage in #Pakistan. In #SBBlogwatch, we shave with Hanlon’s razor.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/08/ #GreatFirewall #China

Brits agree to change course, but Tim still shtum.

The U.S. administration is celebrating a “mutually beneficial understanding” with the #UK, meaning #Apple won’t need to backdoor #iCloud. (As we learned six months ago, those pesky Brits were demanding Apple break its end-to-end encryption, also known as Advanced Data Protection—#ADP.) National intelligence director Tulsi Gabbard and White House veep JD Vance seem happy about it, anyway.

However, it’s not entirely clear that anything’s really changed. In #SBBlogwatch, we doctor the spin.

securityboulevard.com/2025/08/

Sen. Hassan is on the warpath.

At least 35 data brokers employed #DarkPatterns to discourage #Californians from exercising their privacy rights. Researchers say the companies hid legally required web pages from #Google—so people can’t find them.

This U.S. senator is not at all happy, accusing the firms of “requiring people to navigate byzantine labyrinths.” In #SBBlogwatch, we join Maggie Hassan (D-N.H.) in her trisyllabic dissatisfaction.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/08/ #CCPA

Old, bug-prone app relies on you to go look for update files.

Venerable file compression-cum-archiving tool suffers yet another exploited vulnerability, causing the sole developer to issue a patch. Is it time to ditch WinRAR?

Yes! Here’s why: Eugene Roshal (pictured) doesn’t believe in automatic updates. In #SBBlogwatch, we can’t believe it’s still like that in 2025.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/08/

#ShinyHunters group hacked big-G and stole a load of customer data from a #Salesforce cloud instance.

This week, #Google finally admitted it got socially engineered—leading to a breach of #CRM data. Yes, you read that right: Google got vished.

Do the scrotes have your info? We don’t know and Google’s not saying.

What’s worse is this happened a couple of MONTHS ago. In #SBBlogwatch, we wonder why it took Google so long to tell us:
securityboulevard.com/2025/08/

It records everything you say (and what people around you say, too).

The company behind the #Bee bracelet is being bought by #Amazon. Think of it as Copilot+ Recall for the real world. It seems like Jeff Bezos (pictured) just can’t get enough of knowing everything about you and your life.

Naturally, this raises a ton of privacy questions. In #SBBlogwatch, we have more questions than answers.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/07/

#Railroad industry first warned about this nasty vulnerability in 2005.

Freight trains in the U.S. use a radio link between front and rear, designed around 40 years ago. It’s emerged that the Flashing Rear End Device (#FRED) can be told to slam on the brakes via an extremely weak wireless protocol.

The latest researcher to signal the problem says, “You could shutdown the entire railway system.” In #SBBlogwatch, we get to the points.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/07/

Three teenage males and a young woman hauled away by cops, suspected of hacking huge retailers.

Four youngsters are in custody today, alleged to be the notorious #ScatteredSpider hackers (or at least, some of them). The “loose affiliation” of hackers is suspected of badly disrupting operations at three large retail chains since April.

The four are innocent until proven guilty. In #SBBlogwatch, we channel Sir William Garrow.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/07/

M&S head Archie Norman won’t say if he authorized #DragonForce #ransomware hacker payday.

British shopping titan M&S is still dealing with the mess caused by April’s #ransomware attack. There are at least three months’ more work ahead, says the firm’s chairman, Archie Norman (pictured).

But there are persistent rumors M&S paid #ScatteredSpider’s ransom demand. In #SBBlogwatch, Norman will neither confirm nor deny.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/07/

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony.

A new data leak shows the dangers of secret, silent #stalkerware. An app known as #Catwatchful appears to be just as insecure as all the others.

The Catwatchful app’s user login database was vulnerable to a simple #SQLinjection attack. In #SBBlogwatch, we call for Little Bobby Tables.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/07/

(Also known as #spouseware and #creepware, this vile trade enables all manner of frightening and dangerous abuse, from stalking to serious sexual assault. It’s no laughing matter.)